Brocade Communications Systems 12.4.00a User Manual

ServerIron ADX Security Guide
53-1002440-03
DDoS protection
5
lt      less-than
lteq    less-than-or-equals
neq     not-equals
The configured generic rule must be bound to a filter to take effect.
ServerIronADX(config)# security filter filter1
ServerIronADX(config-sec-filter1)# rule generic gen1 drop
Syntax: {no} rule generic <generic-rule-name> [log | no-log] [drop | no-drop]
The <generic-rule-name> variable is the name of the previously defined generic rule that 
you want to bind to a filter.
The log parameter directs the ServerIron ADX to log traffic on the bound interface that matches the 
generic rule specified by the configured <generic-rule-name>. The no-log parameter disables 
this function.
The drop parameter directs the ServerIron ADX to drop traffic on the bound interface that matches 
the generic rule specified by the configured <generic-rule-name>. The no-drop parameter 
disables this function.
Table 13 describes some attack types that require a generic rule.
TABLE 12  Common attack types that require a generic rule

Attack Type | Description
Information tunneling | Attacker attempts to pass information in and out of the network incognito. Packets appear to be performing one function. In reality, they are performing another function. For example, a remote user may be engaged in a root shell session on a protected host, but all transmissions appear to be ICMP echo requests and replies. Use security generic to handle this attack type.
Well Known Attacks | There are many documented attacks that can be identified by using a pattern, also known as a signature. Use security generic for this attack type. It provides you the flexibility of locating attacks having a pattern.
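
The following Python sketch is an added example, not code from the Brocade guide or the ServerIron ADX itself. It models how rules built from comparison keywords and bound with log and drop flags could flag the ICMP information-tunneling case in the table. The rule names, field names, the eq/gt/gteq keywords and the 64-byte payload threshold are assumptions.

```python
import operator
import struct

# lt, lteq and neq appear on the page; eq, gt and gteq are assumed counterparts.
OPS = {"lt": operator.lt, "lteq": operator.le, "neq": operator.ne,
       "eq": operator.eq, "gt": operator.gt, "gteq": operator.ge}

def icmp_fields(pkt):
    """Extract ICMP type, code and payload length from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None                      # not IPv4 or not ICMP
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8:
        return None                      # malformed or truncated header
    return {"icmp_type": pkt[ihl], "icmp_code": pkt[ihl + 1],
            "payload_len": len(pkt) - ihl - 8}

def rule_matches(conditions, fields):
    """A rule matches only when every (field, operator, value) test holds."""
    return all(OPS[op](fields[name], value) for name, op, value in conditions)

def apply_filter(bindings, pkt):
    """Return (verdict, log_lines) for one packet under the bound rules."""
    fields, logs = icmp_fields(pkt), []
    if fields is None:
        return "forward", logs
    for name, conditions, log, drop in bindings:
        if rule_matches(conditions, fields):
            if log:                      # models the log / no-log parameter
                logs.append(f"{name}: type={fields['icmp_type']} len={fields['payload_len']}")
            if drop:                     # models the drop / no-drop parameter
                return "drop", logs
    return "forward", logs

def make_icmp(icmp_type, payload):
    """Constructed test packet: 20-byte IPv4 header (checksums zeroed) + ICMP."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + payload

# Hypothetical rules: echo request/reply carrying more than 64 payload bytes.
# Common ping defaults are 32 or 56 bytes; the threshold of 64 is an assumption.
BINDINGS = [
    ("gen_echo_req", [("icmp_type", "eq", 8), ("payload_len", "gt", 64)], True, True),
    ("gen_echo_rep", [("icmp_type", "eq", 0), ("payload_len", "gt", 64)], True, False),
]
NORMAL_PING = make_icmp(8, bytes(range(56)))     # constructed sample
OVERSIZED_REQ = make_icmp(8, b"A" * 300)         # constructed sample
OVERSIZED_REP = make_icmp(0, b"B" * 300)         # constructed sample
```

Binding a rule with log and no-drop first, as gen_echo_rep does here, shows what a threshold would catch before any traffic is dropped.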